Stored Cross-Site Scripting Vulnerability in FactoryTalk DataMosaix by Rockwell Automation
CVE-2026-9292

8.4HIGH

What is CVE-2026-9292?

A security issue within FactoryTalk DataMosaix™ Private Cloud arises from improper handling of user inputs in the Workflows configuration. This Stored Cross-Site Scripting vulnerability allows authenticated attackers with elevated privileges to inject harmful scripts into the server. As a result, these malicious scripts can be executed in the browsers of other users visiting the compromised page. This malicious activity can lead to unintended consequences such as account takeover, credential theft, or users being redirected to malicious sites, significantly compromising the security of the application.

Affected Version(s)

FactoryTalk® DataMosaix™ Private Cloud Version 8.02 and below

References

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.